The start of a journey…

So, I make no secret of the fact I officially came into my career in security quite late in life. It had always been a hobby and I’d spent my time in the usual Support/Sysadmin/Developer/Engineer trenches before wandering off into Project Management and Middle Management.

When I decided I really didn’t want to be a manager of people or projects and wanted to follow my heart and transition into Security, I found getting up to speed surprisingly quick and easy. It took many years, however, to rid myself of impostor syndrome, but I got there.

Now, I’m faced with a friend taking that same journey. He’s left his role as a jack-of-all-trades Sysadmin / Network Engineer / Technical Troubleshooter (which he was exceptional at; I was always good, but I’d always go to him when something foxed me) and recently started working in a SOC.

So, as I know he’s far too modest to do it himself, I want to track his journey into InfoSec and my attempts to help him along the way.

The first step is covering the fundamentals. I don’t mean the OSI model, network protocols, security hygiene and the like; he has all that nailed. I mean the stuff a lifetime hanging around data centres and writing bash scripts won’t give you.

This also ties into a problem I’ve been pondering with some of the DC151 regulars: how do we fix the fact that students are coming out of Uni with decent Computer Security related degrees, but generally need a lot of training to fill entry-level security roles? What can we do to help them hit the ground running?

So, I went and hit my own bookshelf to see what gives the most bang per buck (well, per page) when it comes to filling in those missing gaps. Whilst it was tempting to go for some of the industry bibles (The Web Application Hacker’s Handbook, The Hacker Playbook, Practical Malware Analysis, Threat Modelling – Designing for Security etc.), those are massive tomes that, whilst important, aren’t really the sort of thing you can read during your coffee break whilst doing a non-Security job, so I intentionally chose three lightweight books. All lean and trim, just the important stuff. These act both as a confidence builder (because they make you realise just how much you already know, and don’t dishearten you by going into unfathomable technical detail) and as crib notes for topics to go and research some more once you feel that urge.

The three books are:

Cyber Security Basics by Don Franke – I don’t even remember where I picked this up, but it’s fewer than 100 pages of concise descriptions of everything from Logging, Monitoring and Alerting to DEP, and from User Awareness to Security Maturity Modelling. It’s a great primer. If I were trying to write a University course that acted as a gateway into the Security industry, that would be the outline of my curriculum.

Breaking Into Information Security by Andy Gill – Whilst aimed at wannabe Pentesters, Andy’s excellent book is short enough to be an excellent starting point for Blue Teamers to begin understanding the patterns and practices of their attackers. It clocks in at 79 pages, but the text is a little small for old timers like me and my buddy.

Blue Team Handbook: Incident Response Edition by Don Murdoch – OK, I lied, this IS a bit of an industry bible, but I think it should be essential reading for anyone working in a SOC. It starts on the theory (OODA loops, incident plans, chain of custody etc.) but rapidly moves on to lots of practical examples that every incident investigator should have in their toolbox. At 153 pages, it’s the longest of the three, but it’s tiny compared to the usual InfoSec tome.

I believe that once you’ve read and understood all of these, you could save companies hundreds of hours of training time and be a useful asset much sooner (and not just sit on the night shift with a bunch of alerts and matching playbooks, none of which you really understand).
